Configuring CORS
Object Storage allows you to manage CORS configurations in the bucket.
- In the management console
, go to the bucket you want to configure CORS for. - In the left-hand panel, select CORS.
- Click Configure.
- This will open a page where you can add, delete, and edit configuration rules. For a detailed description of the configuration fields, see CORS configuration of buckets.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
-
View a description of the CLI command to update a bucket:
yc storage bucket update --help
-
Get a list of buckets in the default folder:
yc storage bucket list
Result:
+------------------+----------------------+-------------+-----------------------+---------------------+ | NAME | FOLDER ID | MAX SIZE | DEFAULT STORAGE CLASS | CREATED AT | +------------------+----------------------+-------------+-----------------------+---------------------+ | first-bucket | b1gmit33ngp6******** | 53687091200 | STANDARD | 2022-12-16 13:58:18 | +------------------+----------------------+-------------+-----------------------+---------------------+
-
Using the
NAME
column, save the name of the bucket to set up the CORS configuration in. -
Run the following command:
yc storage bucket update --name <bucket_name> \ --cors <CORS_parameter>=<value>,<CORS_parameter>=<value>,...
Where:
-
--name
: Name of the bucket to set up the CORS configuration in. -
--cors
: CORS parameters:allowed-methods
: List of methods. Possible values:method-get
,method-put
,method-post
,method-delete
, andmethod-head
. This is a required parameter.allowed-origins
: List of websites that allow sending cross-domain requests to a bucket. This is a required parameter.allowed-headers
: List of allowed headers. This is an optional parameter.expose-headers
: List of headers that can be displayed in a JavaScript app in the browser. This is an optional parameter.max-age-seconds
: Time in seconds during which the results of requests to an object are cached by the browser. This is an optional parameter.
The lists are enclosed in square brackets, their items are comma-separated with no spaces, e.g.,
allowed-methods=[method-get,method-head],allowed-origins=[example.com]
.Permissions specified in the command override the current CORS settings of the bucket. You can retrieve the current permissions using the
yc storage bucket get <bucket_name> --full
command.Result:
name: first-bucket folder_id: b1gmit33ngp6******** default_storage_class: STANDARD versioning: VERSIONING_DISABLED max_size: "53687091200" acl: {} created_at: "2022-11-25T11:48:42.024638Z"
-
To remove the CORS configuration, run this command:
yc storage bucket update \
--name <bucket_name> \
--remove-cors
To upload a configuration via the AWS CLI:
-
Describe the CORS object configurations in JSON format. Here is an example:
{ "CORSRules": [ { "AllowedHeaders": ["*"], "AllowedMethods": ["GET", "HEAD", "PUT", "DELETE"], "MaxAgeSeconds": 3000, "AllowedOrigins": ["*"] } ] }
You can save your configuration as a file, for example,
cors.json
. -
Upload the configuration to a bucket, e.g.,
shared-bucket
:aws s3api put-bucket-cors \ --bucket shared-bucket \ --cors-configuration file://cors.json \ --endpoint-url=https://storage.yandexcloud.net
If you don't have Terraform, install it and configure the Yandex Cloud provider.
Retrieve static access keys: a static key and a key ID used to authenticate in Object Storage.
-
In the configuration file, describe the parameters of the resources you want to create:
provider "yandex" { cloud_id = "<cloud_ID>" folder_id = "<folder_ID>" zone = "<availability_zone>" token = "<OAuth_token>" } resource "yandex_storage_bucket" "b" { bucket = "s3-website-test.hashicorp.com" acl = "public-read" access_key = "<key_ID>" secret_key = "<secret_key>" cors_rule { allowed_headers = ["*"] allowed_methods = ["PUT", "POST"] allowed_origins = ["https://s3-website-test.hashicorp.com"] expose_headers = ["ETag"] max_age_seconds = 3000 } }
Where:
access_key
: ID of the static access key.secret_key
: Value of the secret access key.bucket
: Bucket name. This is a required parameter.acl
: Applied ACL policy. This is an optional parameter.
CORS
parameters:allowed_headers
: Allowed headers. This is an optional parameter.allowed_methods
: Allowed methods. Possible values areGET
,PUT
,POST
,DELETE
, orHEAD
. This is a required parameter.allowed_origins
: Website that allows sending cross-domain requests to a bucket. This is a required parameter.expose_headers
: Header that can be displayed in a JavaScript app in the browser. This is an optional parameter.max_age_seconds
: Time in seconds during which the results of requests to an object are cached by the browser. This is an optional parameter.server_side_encryption_configuration
: Bucket encryption settings on the server side. This is an optional parameter.
For more information about resources you can create with Terraform, see the provider documentation
. -
Make sure the configuration files are valid.
-
In the command line, go to the directory where you created the configuration file.
-
Run a check using this command:
terraform plan
If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.
-
-
Deploy cloud resources.
-
If the configuration does not contain any errors, run this command:
terraform apply
-
Confirm that you want to create the resources.
All the resources you need will then be created in the specified folder. You can check the new resources and their configuration using the management console
. -
To manage CORS configurations for buckets, use the update REST API method for the Bucket resource, the BucketService/Update gRPC API call, or the upload S3 API method.